b'May 2009\nReport No. AUD-09-013\n\n\nFDIC\xe2\x80\x99s Corporate Investment Program\n\n\n\n\n            AUDIT REPORT\n\x0c                                            Report No. AUD-09-013                                                       May 2009\n\n                                            FDIC\xe2\x80\x99s Corporate Investment Program\n\n                                            Audit Results\n   Federal Deposit Insurance Corporation\n\n\nWhy We Did The Audit                        KPMG found that the FDIC had implemented a number of important controls\n                                            designed to ensure that the DIF and NLF are managed consistent with the FDIC\xe2\x80\x99s\nThe FDIC Office of Inspector General        Board-approved investment policies. Of particular note, DOF had developed\n(OIG) contracted with KPMG LLP              detailed procedures and guidelines to manage the day-to-day operations of the funds.\n(KPMG) to conduct a performance audit       Additionally, the FDIC had created an Investment Advisory Group to monitor the\nof the FDIC\xe2\x80\x99s Corporate Investment          performance of the funds and advise the CFO on investment strategies pertaining to\nProgram. The results of this audit          the funds. Further, the CFO and DOF officials reported regularly to the Board on\nsupport the OIG\xe2\x80\x99s commitment to FDIC        the funds\xe2\x80\x99 performance and were taking proactive measures to help ensure the\nmanagement to conduct an independent\n                                            viability of the funds in response to uncertainties in the banking industry. While\naudit of the Corporate Investment\nProgram every 3 years.                      these actions are positive, control improvements in the following areas of the\n                                            Corporate Investment Program are warranted.\nThe objective of the audit was to assess\nthe FDIC\xe2\x80\x99s controls for ensuring that the   \xe2\x80\xa2   The FDIC\xe2\x80\x99s Corporate Investment Policy and DOF\xe2\x80\x99s detailed investment\nDeposit Insurance Fund (DIF) and the            procedures and guidelines did not reflect current statutory definitions or\nNational Liquidation Fund (NLF) are             investment management practices in some areas.\nmanaged consistent with the FDIC\xe2\x80\x99s\n                                            \xe2\x80\xa2   Although the FDIC has a strategy for responding to a liquidity contingency\ninvestment policies approved by the\nCorporation\xe2\x80\x99s Board of Directors                involving the DIF, the FDIC can enhance its response planning by developing a\n(Board). KPMG used the Government               comprehensive, written contingency funding plan that describes how the\nAccountability Office\xe2\x80\x99s Standards for           Corporation will implement its strategy under the various contingency scenarios\nInternal Control in the Federal                 that could occur.\nGovernment as the principal criteria for    \xe2\x80\xa2   Although DOF implemented a number of important controls over the purchase\nconducting the audit.                           and sale of investment securities in the DIF and NLF, DOF\xe2\x80\x99s investment\n                                                procedures do not define a dual control over the authorization and execution of\nBackground                                      securities transactions wherein the authorization is documented in advance of\n                                                the transaction by an individual other than the person responsible for executing\nThe DIF portfolio includes corporate            the transaction.\ninvestments, while the NLF portfolio        \xe2\x80\xa2   Although DOF has taken steps to help ensure the integrity of its key computer-\nincludes funds held by the FDIC in its          based financial models, it had not ensured periodic independent validations of\nreceivership and corporate liquidator           the models to ensure they function as intended.\ncapacity. As of September 30, 2008, the\nmarket value of the DIF and NLF were        These control improvements will help ensure that the Corporation\xe2\x80\x99s investment\n$34.59 billion and $2.86 billion,           management processes are repeatable, consistent, and disciplined and that\nrespectively.                               operational risk associated with staff departures is minimized. Such control\n                                            improvements will also promote separation of duties and help mitigate the risk of\nThe management of the DIF and NLF is\ngoverned by two separate policies           errors. KPMG identified one additional potential control enhancement pertaining to\napproved by the Board. Among other          interest rate risk management that the firm is reporting separately because the matter\nthings, these policies define investment    was not considered significant in the context of the audit results.\nobjectives for the funds, key roles and\nresponsibilities, and reporting             Recommendations\nrequirements to the Board. The Board\ndelegated to the Deputy to the Chairman     KPMG recommended that the CFO and Director, DOF:\nand Chief Financial Officer (CFO) the\n                                              \xe2\x80\xa2 update the Corporate Investment Policy and DOF\xe2\x80\x99s detailed investment\nresponsibility for managing the DIF and\ninvesting and accounting for the NLF.             procedures and guidelines (where appropriate) and perform periodic\nThe Director, Division of Finance                 program assessments to ensure controls operate as intended;\n(DOF), under the general supervision of       \xe2\x80\xa2 develop a comprehensive, written contingency funding plan for the DIF;\nthe CFO, is responsible for                   \xe2\x80\xa2 establish a system of dual control over securities transactions; and\nimplementing the Corporation\xe2\x80\x99s                \xe2\x80\xa2 periodically validate key computer-based financial models.\ninvestment strategies and for managing\nthe day-to-day financial transactions of\n                                            Management generally concurred with KPMG\xe2\x80\x99s recommendations and plans to take\nthe funds.\n                                            responsive actions.\n\n To view the full report, go to www.fdicig.gov/2009reports.asp\n\x0cFederal Deposit Insurance Corporation                                                               Office of Audits\n3501 Fairfax Drive, Arlington, VA 22226                                                Office of Inspector General\n\n\nDATE:                                     May 14, 2009\n\nMEMORANDUM TO:                            Steven O. App\n                                          Deputy to the Chairman and Chief Financial Officer\n\n                                          Bret D. Edwards, Director\n                                          Division of Finance\n\n\n                                          /Signed/\nFROM:                                     Russell A. Rau\n                                          Assistant Inspector General for Audits\n\nSUBJECT:                                  FDIC\xe2\x80\x99s Corporate Investment Program\n                                          (Report No. AUD-09-013)\n\n\nThe subject final report is provided for your information and use. Please refer to the Executive\nSummary, included in the report, for the overall audit results.\n\nOur evaluation of your response is incorporated into the body of the report. Your comments on\na draft of this report were responsive to all five of the report\xe2\x80\x99s recommendations, which are\nconsidered resolved. The recommendations will remain open for reporting purposes until we\nhave determined that agreed-to corrective actions have been completed and are responsive.\n\nIf you have questions concerning the report, please contact me at (703) 562-6350, or Mark F.\nMulholland, Deputy Assistant Inspector General for Audits, at (703) 562-6316. We appreciate\nthe courtesies extended to the audit staff.\n\nAttachment\n\ncc: Connie A. Brindle, DOF\n    James H. Angel, Jr., OERM\n\x0c                               Table of Contents\n\n\nPart I\n\n   Report by KPMG                                  I-1\n   FDIC\xe2\x80\x99s Corporate Investment Program\n\n\n\nPart II\n\n   Corporation Comments and OIG Evaluation         II-1\n\n   Corporation Comments                            II-2\n\n   Management Responses to Recommendations         II-6\n\x0c      Part I\n\nReport by KPMG LLP\n\x0c                               KPMG LLP\n                               2001 M Street, NW\n                               Washington, DC 20036\n\n\n\n\nMay 14, 2009\n\nHonorable Jon T. Rymer\nInspector General\nFederal Deposit Insurance Corporation\n3501 Fairfax Drive\nArlington, VA 22226\n\n\nRe:     Transmittal of Results for the Audit of FDIC\xe2\x80\x99s Corporate Investment Program (Report\n        No. AUD-09-013)\n\nDear Mr. Rymer:\n\nThis letter is to acknowledge delivery of our final report representing the results of our performance\naudit of the FDIC\xe2\x80\x99s Corporate Investment Program in accordance with Task Assignment Number\n08-08 dated September 26, 2008. The objective of this performance audit was to assess the FDIC\xe2\x80\x99s\ncontrols for ensuring that the Deposit Insurance Fund (DIF) and National Liquidation Fund (NLF)\nare managed consistent with the FDIC\xe2\x80\x99s investment policies approved by the Board of Directors\n(the Board). As part of our work, we interviewed key officials with responsibility for managing and\nimplementing the Corporate Investment Program, including the Deputy to the Chairman and Chief\nFinancial Officer (CFO) and Division of Finance (DOF) officials. We also reviewed relevant FDIC\npolicies, procedures, guidelines, plans, and reports pertaining to the Corporate Investment Program.\n\nWe conducted our performance audit in accordance with Generally Accepted Government Auditing\nStandards. Those standards require that we plan and perform the audit to obtain sufficient,\nappropriate evidence to provide a reasonable basis for our findings and conclusions based on our\naudit objective. We believe that the evidence obtained provides a reasonable basis for our findings\nand conclusions based on our audit objective.\n\nIn summary, we found that the FDIC had implemented a number of important controls designed to\nensure that the DIF and NLF are managed consistent with the FDIC\xe2\x80\x99s Board-approved investment\npolicies. Of particular note, DOF had developed detailed procedures and guidelines to manage the\nday-to-day operations of the funds. Additionally, the FDIC had created an Investment Advisory\nGroup to monitor the performance of the funds and advise the CFO on investment strategies\npertaining to the funds. Further, the CFO and DOF officials reported regularly to the Board on the\nfunds\xe2\x80\x99 performance and were taking proactive measures to help ensure the viability of the funds in\nresponse to uncertainties in the banking industry.\n\nWhile these actions are positive, control improvements in some areas of the Corporate Investment\nProgram are warranted. Specifically, the FDIC\xe2\x80\x99s Corporate Investment Policy and DOF\xe2\x80\x99s detailed\nprocedures and guidelines did not reflect current investment management practices in some areas.\nIn addition, although the FDIC had a strategy for responding to a liquidity contingency involving\nthe DIF, the FDIC can enhance its response planning by developing a comprehensive, written\ncontingency funding plan that describes how the Corporation will implement its strategy under the\nvarious contingency scenarios that could occur. Further, the FDIC can enhance its investment\n\n\n\n\n                                 KPMG LLP, a U.S. limited liability partnership, is the U.S.\n                                 member firm of KPMG International, a Swiss cooperative.\n\x0cmanagement controls by implementing a system of dual control over the authorization and\nexecution of securities transactions and conducting periodic independent validations of key\ncomputer-based financial models to ensure they function as intended. We identified one additional\npotential control enhancement pertaining to interest rate risk management that we are reporting to\nthe Office of Inspector General (OIG) separately because we do not consider the matter to be\nsignificant in the context of our performance audit results.\n\nWe issued a draft of this report on February 25, 2009. We subsequently met with representatives of\nDOF and the OIG and obtained informal feedback on the draft report. Based on the informal\nfeedback we received, we made certain changes that we deemed appropriate. On May 8, 2009, the\nCFO and Director, DOF, provided a formal written response to our draft report.\n\nOur work did not include an assessment of the sufficiency of deposit insurance assessments or other\nfunding sources to cover anticipated losses from insured depository institutions. KPMG cautions\nthat projecting the results of our audit to future periods is subject to the risks that controls may\nbecome inadequate because of changes in conditions or because compliance with controls may\ndeteriorate. The information included in this report was obtained from the FDIC on or before\nFebruary 25, 2009. We have no obligation to update our report or to revise the information\ncontained therein to reflect events and transactions occurring subsequent to February 25, 2009.\n\nKPMG policy requires that we obtain a management representation letter associated with the\nissuance of a performance audit report citing Generally Accepted Government Auditing Standards.\nWe requested a management representation letter from the Director, DOF, on February 20, 2009\nand received the signed representation letter on February 25, 2009.\n\nPlease contact Mark Twerdok at (412) 232-1599 if you have any questions or comments regarding\nthis report.\n\n\nSincerely,\n\n\n\n\n                                                -2-\n\x0cFDIC\xe2\x80\x99s Corporate Investment Program\n\nFINAL REPORT\n\nPrepared for the\nFederal Deposit Insurance Corporation\nOffice of Inspector General\nMay 14, 2009\n\n\n\n\nKPMG LLP\n2001 M Street, NW\nWashington, DC 20036\n\x0c                                  Table of Contents\n\nEXECUTIVE SUMMARY                                                               2\n\nBACKGROUND                                                                      4\n\nCORPORATE INVESTMENT PROGRAM POLICIES, PROCEDURES, AND                          7\nGUIDELINES\n\n  Recommendations Related to Corporate Investment Program Policy, Procedures,   8\n  and Guidelines and Associated Internal Reviews\n\nCONTINGENCY RESPONSE PLANNING                                                   9\n\n  Recommendation Related to Contingency Response Planning                       11\n\nAUTHORIZATIONS TO PURCHASE AND SELL INVESTMENT                                  12\nSECURITIES\n\n  Recommendation Related to the Authorizations and Execution of Investment      13\n  Securities Transactions\n\nVALIDATION OF COMPUTER-BASED FINANCIAL MODELS                                   13\n\n  Recommendation Related to Performing Independent Validations of Computer-     14\n  based Financial Models\n\nFIGURE\n\n  DIF and NLF Governance Framework                                              6\n\nTABLE\n\n  Key Corporate Investment Program Policies, Procedures, and Guidelines         7\n\nAPPENDIX I: OBJECTIVE, SCOPE, AND METHODOLOGY                                   15\n\nAPPENDIX II: GLOSSARY OF TERMS                                                  18\n\nAPPENDIX III: ACRONYMS USED IN THE REPORT                                       21\n\n\n\n\n                                           I-1\n\x0cEXECUTIVE SUMMARY\n\nThe FDIC Office of Inspector General (OIG) contracted with KPMG LLP (KPMG) to conduct a\nperformance audit of the FDIC\xe2\x80\x99s Corporate Investment Program. Both the OIG and FDIC management\nrecognize that periodic, independent audits of the Corporate Investment Program are necessary and useful\nfor sound corporate governance. The results of this audit support the OIG\xe2\x80\x99s commitment to FDIC\nmanagement to conduct an independent audit of the Corporate Investment Program every 3 years.\n\nThe objective of this performance audit was to assess the FDIC\xe2\x80\x99s controls for ensuring that the Deposit\nInsurance Fund (DIF) and National Liquidation Fund (NLF) are managed consistent with the FDIC\xe2\x80\x99s\ninvestment policies approved by the Board of Directors (the Board). As part of our work, we interviewed\nkey officials with responsibility for managing and implementing the Corporate Investment Program,\nincluding the Deputy to the Chairman and Chief Financial Officer (CFO) and Division of Finance (DOF)\nofficials. We also reviewed relevant FDIC policies, procedures, guidelines, plans, and reports pertaining\nto the Corporate Investment Program. Our work did not include an assessment of the sufficiency of\ndeposit insurance assessments or other funding sources to cover anticipated losses from insured\ndepository institutions.\n\nWe used the Government Accountability Office\xe2\x80\x99s (GAO) November 1999 publication Standards for\nInternal Control in the Federal Government as the primary criteria for conducting the audit. We chose\nthese standards because they define an overall framework for establishing and maintaining effective\ninternal control in federal agencies. In addition, FDIC Circular 4010.3, FDIC Enterprise Risk\nManagement Program, states that the GAO standards define the minimum acceptable level of quality for\ninternal control and provide the basis against which internal controls should be evaluated at the FDIC.\nThe GAO standards, which are intended to safeguard public resources and promote accountability, consist\nof the following five components:\n\n\xe2\x80\xa2   Control Environment \xe2\x80\x93 The attitude toward internal control and control consciousness established\n    and maintained by management and employees.\n\xe2\x80\xa2   Risk Assessment \xe2\x80\x93 The assessment of risk from external and internal sources at both the entity and\n    activity level.\n\xe2\x80\xa2   Control Activities \xe2\x80\x93 The activities that help identify, prevent, or reduce risks that can impede the\n    accomplishment of organizational objectives. Common control activities include documentation,\n    approvals, authorizations, verifications, separation of duties, and reporting.\n\xe2\x80\xa2   Information and Communications \xe2\x80\x93 The exchange of useful information among people and\n    organizations to support decisions and coordinate activities. Information should be communicated to\n    management and employees who need it, and in a form and timeframe that helps them carry out their\n    responsibilities.\n\xe2\x80\xa2   Monitoring \xe2\x80\x93 The review of an organization\xe2\x80\x99s activities and transactions to assess the quality of\n    performance over time and determine whether controls are effective.\n\nWe also used FDIC policies and procedures and various industry-recognized guidelines and practices as\nsupplemental criteria in assessing the Corporate Investment Program. The Glossary in Appendix II\ncontains definitions of the terms used in this report.\n\nIn summary, we found that the FDIC had implemented a number of important controls designed to ensure\nthat the DIF and NLF are managed consistent with the FDIC\xe2\x80\x99s Board-approved investment policies. Of\nparticular note, DOF had developed detailed procedures and guidelines to manage the day-to-day\noperations of the funds. Additionally, the FDIC had created an Investment Advisory Group (IAG) to\n\n\n\n                                                   I-2\n\x0cmonitor the performance of the funds and advise the CFO on investment strategies pertaining to the\nfunds. Further, the CFO and DOF officials reported regularly to the Board on the funds\xe2\x80\x99 performance and\nwere taking proactive measures to help ensure the viability of the funds in response to uncertainties in the\nbanking industry.\n\nWhile these actions are positive, control improvements in some areas of the Corporate Investment\nProgram are warranted. Specifically, the FDIC\xe2\x80\x99s Corporate Investment Policy and DOF\xe2\x80\x99s detailed\nprocedures and guidelines did not reflect current statutory definitions or current investment management\npractices in some areas. In addition, although the FDIC had a strategy for responding to a liquidity\ncontingency involving the DIF, the FDIC can enhance its response planning by developing a\ncomprehensive written contingency funding plan that describes how the Corporation will implement its\nstrategy under the various contingency scenarios that could occur. Further, the FDIC can enhance its\ninvestment management controls by implementing a system of dual control over the authorization and\nexecution of securities transactions and conducting periodic independent validations of key computer-\nbased financial models to ensure they function as intended. We identified one additional potential control\nenhancement pertaining to interest rate risk management that we are reporting to the OIG separately\nbecause we do not consider the matter to be significant in the context of our performance audit results.\n\nWe issued a draft of this report on February 25, 2009. We subsequently met with DOF and OIG\nrepresentatives and obtained informal feedback on the draft report. Based on the informal feedback we\nreceived, we made certain changes that we deemed appropriate. On May 8, 2009, the CFO and Director,\nDOF, provided a formal written response to our draft report.\n\nWe conducted this performance audit from September 2008 through January 2009 in accordance with\nGenerally Accepted Government Auditing Standards issued by the Comptroller General of the United\nStates. Those standards require that we plan and perform the audit to obtain sufficient, appropriate\nevidence to provide a reasonable basis for our findings and conclusions based on our audit objective. We\nbelieve that the evidence obtained provides a reasonable basis for our findings and conclusions based on\nour audit objective. This performance audit did not constitute an audit of financial statements in\naccordance with Government Auditing Standards. KPMG was not engaged to, and did not render an\nopinion on, the FDIC\xe2\x80\x99s internal controls over financial reporting or over financial management systems\n(for purposes of the Office of Management and Budget\xe2\x80\x99s Circular No. A-127, Financial Management\nSystems, July 23, 1993, as revised). KPMG cautions that projecting the results of our audit to future\nperiods is subject to the risks that controls may become inadequate because of changes in conditions or\nbecause compliance with controls may deteriorate.\n\n\n\n\n                                                    I-3\n\x0cBACKGROUND\n\nThe FDIC has statutory responsibility for managing funds in the DIF and NLF. Brief descriptions of the\nDIF and NLF follow.\n\nThe Deposit Insurance Fund\n\nThe DIF was established on March 31, 2006, following the merger of the former Bank Insurance Fund\n(BIF) and Savings Association Insurance Fund (SAIF). The primary purpose of the DIF is to insure the\ndeposits and protect the depositors of FDIC-insured financial institutions and to resolve failed financial\ninstitutions in a manner that results in the least possible cost to the Corporation. In order to remain viable,\nthe DIF must have adequate sources of liquidity to fund the Corporation\xe2\x80\x99s operating costs and the\nresolution of failed financial institutions. The DIF is funded principally by deposit insurance assessments\ncharged to insured financial institutions and interest earned on investments in U.S. Treasury obligations.\nAdditional funding sources, if needed, include the Federal Financing Bank, U.S. Department of the\nTreasury (Treasury), Federal Home Loan Banks, and insured depository institutions. Ultimately, the full\nfaith and credit of the U.S. Government stands behind the FDIC\xe2\x80\x99s obligations.\n\nSection 13(a) of the Federal Deposit Insurance (FDI) Act provides that funds held in the DIF that are not\notherwise employed shall be invested in obligations of the United States or in obligations guaranteed as to\nprincipal and interest by the United States. Further, the Treasury Secretary requires the FDIC to invest its\nnon-appropriated cash held in U.S. Treasury accounts in non-marketable U.S. Treasury securities. Such\nsecurities include: U.S. Treasury certificates; conventional Treasury bills, notes, and bonds; callable\nTreasury securities; Treasury Inflation Protected Securities (TIPS); and zero-coupon Treasury securities.\nThe FDIC purchases and sells these securities through the Bureau of Public Debt\xe2\x80\x99s (BPD) Government\nAccount Series (GAS) program. Although the GAS program is not available to the general public,\nsecurities can be purchased and sold through the program at current market prices and without transaction\ncosts to the Corporation. GAS program investments enjoy a high degree of transactional liquidity.\n\nIn early August 2008, the FDIC re-classified all of the investment securities in the DIF designated as held\nto maturity (HTM) to available-for-sale (AFS). 1 This change was based on the FDIC\xe2\x80\x99s determination that\nit no longer had the positive intent and ability to hold securities classified as HTM until their maturity\ndates due to significant actual and potential outlays related to the resolution of failed institutions. A key\nresult of this change is that the DIF will now be accounted for at fair value and, as a result, the reserve\nratio will be more volatile to changes in interest rates. To illustrate this point, the value of securities\nclassified as AFS typically decreases in a rising interest rate environment. In such an environment, a\ndecline in the value of the DIF investment portfolio would result in a lower reserve ratio, which could\nimpact the Board\xe2\x80\x99s deposit insurance assessment decisions. 2\n\nAs of September 30, 2008, the balance of the DIF was $34.59 billion, down from $52.41 billion at the end\nof 2007. This decrease was primarily due to outlays associated with the failure of insured financial\ninstitutions and an increase in the FDIC\xe2\x80\x99s provision for insurance losses. The DIF reserve ratio as of\n\n1\n  Debt securities in the DIF investment portfolio may be classified as either AFS or HTM. Securities classified as\nAFS are accounted for at fair value, while securities classified as HTM are accounted for at amortized cost (i.e., the\nface value of the securities plus their unamortized premium or less their unamortized discount). To be classified as\nHTM, an entity must have the positive intent and ability to hold the security to its maturity.\n2\n  Pursuant to statute, if the DIF reserve ratio falls below 1.15 percent, or if the FDIC expects it to do so within 6\nmonths, the FDIC must, within 90 days, establish and implement a plan to restore the DIF reserve ratio to 1.15\npercent within 5 years absent \xe2\x80\x9cextraordinary circumstances.\xe2\x80\x9d\n\n\n                                                          I-4\n\x0cSeptember 30, 2008, was 0.76 percent, which is below the 1.15 percent minimum level mandated by the\nFederal Deposit Insurance Reform Act of 2005. On October 7, 2008, the Board approved a plan to\nrestore the DIF reserve ratio to 1.15 percent within the next 5 years as required by statute. The Board\nsubsequently extended the restoration plan horizon to 7 years based on \xe2\x80\x9cextraordinary circumstances.\xe2\x80\x9d\n\nThe National Liquidation Fund\n\nThe NLF consists of all funds held by the FDIC in its receivership and corporate liquidator capacities.\nInvestments in the NLF may include Treasury securities, federally-sponsored agency securities, overnight\nand term interest-bearing deposits at a designated depository, repurchase agreements, and government\ninstitutional money market funds. Among other provisions and restrictions, the term of any investment in\nthe NLF may not exceed 1 year. When not otherwise deployed, NLF funds are deposited at the Federal\nHome Loan Bank of New York (FHLB-NY), the NLF\xe2\x80\x99s current designated depository. FHLB-NY also\nacts as custodian for the NLF\xe2\x80\x99s other investment securities, principally, federally-sponsored agency\ndiscount notes. As the NLF\xe2\x80\x99s designated depository, FHLB-NY provides a variety of banking services\nthat facilitate the collection of receivership funds, payment of receivership expenses, and payment of\nreceivership dividends. In addition, the FDIC uses FHLB-NY to pay depositors of failed financial\ninstitutions. The Division of Resolutions and Receiverships\xe2\x80\x99 Dallas Field Office is responsible for\nmanaging the FDIC\xe2\x80\x99s banking relationship with FHLB-NY. As of September 30, 2008, the market value\nof the NLF was $2.86 billion, up from $393 million at the end of 2007. This increase was primarily the\nresult of increased resolution activity.\n\nDIF and NLF Investment Governance\n\nThe DIF and NLF are governed by two principal policies approved by the Board: the Corporate\nInvestment Policy and Liquidation Investment Policy (respectively). Among other things, these policies\ndefine investment objectives for the funds, key roles and responsibilities, and reporting requirements to\nthe Board. Of particular note, the policies designate the CFO as having primary responsibility for\nmanaging the DIF and NLF. The policies require the CFO to report quarterly to the Board on the\n(1) status and recent investment experience of the funds, (2) current and prospective investment strategies\nof the funds, (3) principal reasons for significant changes in either the investment experience or strategies\nof the funds, and (4) actions taken that constitute exceptions to the policies. To assist the CFO in carrying\nout his responsibilities, the FDIC established the IAG consisting of the CFO; the Director, DOF; and\nthree other members not directly involved in the DIF or NLF investment operations. Among other things,\nthe IAG advises the CFO on fund investment strategies, reviews current and projected economic\nconditions, investment performance, and cash flow projections for the funds, and evaluates exceptions to\nthe Corporate Investment Policy and Liquidation Investment Policy. The IAG convenes quarterly.\n\nThe Director, DOF, is responsible for implementing the funds\xe2\x80\x99 investment strategies and for managing the\nday-to-day financial transactions of the funds, subject to the general supervision of the CFO. Within\nDOF, the Treasury Management Section (TMS) handles the day-to-day purchase, sale, accounting, and\nreporting of investment funds. TMS consists of two units, the Funding and Investments Unit (FIU) and\nTreasury Operations Unit (TOU). FIU is responsible for monitoring current market conditions, making\ninvestment decisions consistent with approved investment strategies, purchasing and selling investment\nsecurities, and reporting to management on the performance and risks associated with the funds. TOU is\nresponsible for reviewing the long-term investment purchases and sales made by FIU and for recording\ntransactions in the FDIC\xe2\x80\x99s accounting systems. TOU is also responsible for the overnight investment of\nDIF funds. Both FIU and TOU have established detailed procedures and guidelines to implement their\ncollective investment management responsibilities. The Figure, which follows, illustrates the investment\ngovernance framework for the DIF and NLF.\n\n\n\n                                                     I-5\n\x0cDIF and NLF Governance Framework\n\n\n\n                FDIC\n                 FDICBoard\n                      Board                                Deputy\n                                                            Deputytotothe\n                                                                       theChairman\n                                                                           Chairmanand\n                                                                                    andCFO\n                                                                                        CFO                                       IAG\n                                                                                                                                   IAG\n\n          Responsible\n           Responsiblefor foroverall                          Responsible                                       Responsible\n                                                                                                                  Responsiblefor  forMonitoring:\n                               overall                         Responsiblefor\n                                                                            formanaging\n                                                                                 managingand\n                                                                                           and                                        Monitoring:\n        oversight\n         oversightofoffunds\n                       fundsininthe\n                                 theDIF                   reporting                                             \xe2\x80\xa2 \xe2\x80\xa2Overall\n                                                                                                                    Overallinvestment,\n                                                                                                                            investment,Treasury\n                                     DIF                   reportingon\n                                                                     onfunds\n                                                                        fundsininthe\n                                                                                  theDIF\n                                                                                      DIFand\n                                                                                          andNLF\n                                                                                              NLF                                         Treasury\n                  and\n                   andNLFNLF                                 consistent\n                                                              consistentwith\n                                                                         withBoard-approved\n                                                                               Board-approved                   securities\n                                                                                                                  securitiesmarket,\n                                                                                                                              market,and\n                                                                                                                                       andeconomic\n                                                                                                                                            economic\n                                                                          policies\n                                                                           policies                             conditions\n                                                                                                                  conditions\n                                                                                                                \xe2\x80\xa2 \xe2\x80\xa2Performance\n                                                                                                                    PerformanceofofthetheDIF\n                                                                                                                                          DIFand\n                                                                                                                                              andNLF\n                                                                                                                                                  NLF\n                                                                                                                \xe2\x80\xa2 \xe2\x80\xa2Actions\n                                                                                                                    Actionsthat\n                                                                                                                             thatconstitute\n                                                                                                                                  constituteexceptions\n                                                                                                                                             exceptionstoto\n                                                                                                                Board-approved\n                                                                                                                  Board-approvedpolicies\n                                                                                                                                     policies\n                                                                     Director,\n                                                                      Director,DOFDOF\n                                                         Responsible\n                                                          Responsibleforforday-to-day\n                                                                            day-to-daypurchases,\n                                                                                       purchases,               Responsible\n                                                                                                                  Responsiblefor  forAdvising\n                                                                                                                                      Advisingthe\n                                                                                                                                               theCFO\n                                                                                                                                                   CFO\n                                                           sales,\n                                                            sales,accounting,\n                                                                   accounting,and\n                                                                                andreporting\n                                                                                     reportingofof              on:\n                                                                                                                  on:\n                                                                funds\n                                                                 fundsininthe\n                                                                           theDIF\n                                                                               DIFand\n                                                                                   andNLF\n                                                                                       NLF                      \xe2\x80\xa2 \xe2\x80\xa2Liquidity\n                                                                                                                    Liquiditytargets\n                                                                                                                              targets\n                                                                                                                \xe2\x80\xa2 \xe2\x80\xa2Investment\n                                                                                                                    Investmentstrategies\n                                                                                                                                 strategies\n\n                                                            Manager,\n                                                            Manager,Treasury\n                                                                     TreasuryManagement\n                                                                              Management\n                                                                      Section\n                                                                       Section\n\n\n\n\n                                            TOU\n                                             TOU                                                               FIU\n                                                                                                                FIU\n                       \xe2\x80\xa2 \xe2\x80\xa2Executes                                                       \xe2\x80\xa2 \xe2\x80\xa2Invests\n                                                                                             Investscorporate\n                                                                                                     corporateandandliquidation\n                                                                                                                      liquidationfunds\n                           Executes overnightinvestments\n                                    overnight    investments                                                                      funds\n                       \xe2\x80\xa2 \xe2\x80\xa2Maintains                                                      \xe2\x80\xa2 \xe2\x80\xa2Monitors\n                                                                                             Monitorscurrent\n                                                                                                      currentmarket\n                                                                                                                marketconditions\n                           Maintainsportfolio\n                                      portfoliosystem\n                                                system                                                                   conditions\n                       \xe2\x80\xa2 \xe2\x80\xa2Accounts                                                       and\n                                                                                           andmakes\n                                                                                                makesinvestment\n                                                                                                        investmentdecisions\n                           Accountsfor\n                                     forcorporate\n                                         corporateinvestments\n                                                     investments                                                     decisions\n                       \xe2\x80\xa2 \xe2\x80\xa2Provides                                                       consistent\n                                                                                           consistentwith\n                                                                                                      withinvestment\n                                                                                                            investmentstrategies\n                           Providesback-office\n                                     back-officesupport\n                                                  supportfor\n                                                           for                                                            strategies\n                       corporate                                                         \xe2\x80\xa2 \xe2\x80\xa2Prepares\n                                                                                             PreparesIAG\n                                                                                                       IAGbriefing\n                                                                                                             briefingmaterials\n                         corporateand\n                                    andliquidation\n                                         liquidationinvestments\n                                                      investments                                                     materials\n                                                                                         \xe2\x80\xa2 \xe2\x80\xa2Prepares\n                                                                                             Preparesmanagement\n                                                                                                       managementand    andboard\n                                                                                                                             board\n                                                                                         reports\n                                                                                           reports\n\n\nSource: KPMG Analysis of Corporate Investment Program Documentation.\n\nIn addition, DOF staff use various software automation tools and industry information to support their\ninvestment management activities, including those listed below.\n\n    \xe2\x80\xa2    The Bloomberg Professional 3 system and other financial publications are used to obtain\n         information on current and near-term economic and Treasury market conditions (such as yields,\n         maturities, and other relevant information). Among other things, such information is used in\n         formulating investment strategies for the DIF.\n    \xe2\x80\xa2    PORTIA\xc2\xae, a Thompson Reuters application, is used to track DIF and NLF investment\n         transactions, calculate earnings, generate cash receipts for interest and maturity payments,\n         generate reports, and track performance. Details on PORTIA\xc2\xae are provided later in the report\n         under the section entitled, Validation of Computer-based Financial Models.\n    \xe2\x80\xa2    Microsoft Excel\xc2\xae-based spreadsheets are used to prepare and report financial information, such\n         as cash flow projections for the funds, for senior management.\n    \xe2\x80\xa2    The results of Financial Risk Committee meetings and the Division of Resolutions and\n         Receiverships\xe2\x80\x99 Resolutions Report to the FDIC Chairman are used to determine near-term\n         funding requirements and liquidity targets for the funds.\n\n\n3\n Bloomberg Professional is a trademark and servicemark of Bloomberg Finance L.P., a Delaware limited\npartnership, or its subsidiaries.\n\n\n                                                                                 I-6\n\x0cCORPORATE INVESTMENT PROGRAM POLICIES, PROCEDURES, AND GUIDELINES\n\nThe Corporate Investment Policy and Liquidation Investment Policy provide a comprehensive framework\nfor the management and oversight of the DIF and NLF investment portfolios, respectively. In addition,\nDOF has established detailed procedures and guidelines to implement the Corporate Investment Policy\nand Liquidation Investment Policy and to manage the day-to-day activities of the funds. However, the\nCorporate Investment Policy and DOF\xe2\x80\x99s detailed procedures and guidelines do not reflect current\nstatutory definitions pertaining to the DIF or current investment management practices in some areas.\nUp-to-date policies, procedures, and guidelines are an important internal control for ensuring that\nprocesses are repeatable, consistent, and disciplined and for reducing operational risk associated with\nchanges in staff.\n\nGAO\xe2\x80\x99s Standards for Internal Controls in the Federal Government state that policies and procedures are\nan integral part of an organization\xe2\x80\x99s operations and a key control for ensuring that management\xe2\x80\x99s\ndirectives are carried out. In addition, Circular 4010.3, FDIC Enterprise Risk Management System,\nrequires divisions and offices to maintain current policies and procedures. The table below identifies key\nCorporate Investment Program policies, procedures, and guidelines and their status.\n\nKey Corporate Investment Program Policies, Procedures, and Guidelines\n          Policies, Procedures, and Guidelines              Status                             Last Updated\n    Corporate Investment Policy                                                X           December 2006\n    Liquidation Investment Policy                                              \xe2\x88\x9a           October 2007\n    Corporate Liquidity Guidelines                                             X           2002\n    Procedures for Corporate Investment Purchases                              X           February 2004\n    Procedures for Corporate Security Sales                                    X           March 2004\n    Procedures for Investing the National Liquidation Fund                     X           January 2008\n    Procedures for Corporate Cash Flow Modeling                                X           March 2002\nLegend: \xe2\x88\x9a - Policy, procedure, or guideline reflects current statutory definitions and investment practices.\n        X - Policy, procedure, or guideline does not reflect current statutory definitions and/or investment practices\n            in one or more areas.\nSource: KPMG analysis of the FDIC\xe2\x80\x99s Corporate Investment Program Policies, Procedures, and Guidelines.\n\nWe noted the following areas of the FDIC\xe2\x80\x99s Corporate Investment Program policies, procedures, and\nguidelines that needed to be updated:\n\n      \xe2\x80\xa2   Corporate Investment Policy. The policy requires the DIF to consist of both a primary and\n          secondary reserve 4 and defines specific investment objectives pertaining to each reserve.\n          However, the secondary reserve has not had a balance since the FDIC reclassified all of the\n          investment securities in the DIF to AFS in August 2008. Prior to the reclassification,\n          approximately 66 percent of the DIF\xe2\x80\x99s balance was in the secondary reserve. Because it is not\n          known when the DIF will contain securities designated as HTM, the investment objectives of the\n          primary and secondary reserves should be re-assessed. For example, the policy requires that the\n          secondary reserve be managed to mitigate reinvestment risk by maintaining a laddered maturity\n\n4\n  According to the policy, the primary reserve represents the fund\xe2\x80\x99s principal source of liquidity. The primary\nreserve consists of overnight investments, investment securities designated as AFS, and investment securities\ndesignated as HTM with remaining maturities of 3 months or less. The fund\xe2\x80\x99s secondary reserve, which represents a\nsecondary source of funds, consists of investment securities designated as HTM that are not included in the primary\nreserve.\n\n\n                                                         I-7\n\x0c        distribution. Because the HTM portfolio has been reclassified to AFS, the policy no longer\n        contains specific controls to manage reinvestment risk.\n    \xe2\x80\xa2   Corporate Liquidity Guidelines. The guidelines, which define the FDIC\xe2\x80\x99s fund investment and\n        borrowing strategies and address funding liquidity risk, 5 were developed prior to deposit\n        insurance reform legislation and do not address liquidity strategies pertaining to the DIF. For\n        example, the guidelines define target liquidity levels and related assumptions pertaining to the\n        former BIF and SAIF that do not apply to the DIF. In addition, the guidelines describe corporate\n        borrowing authorities, strategies, and limitations that have been modified by recent legislation.\n    \xe2\x80\xa2   Procedures for Investing the NLF. The procedures define how the FDIC purchases, sells,\n        accounts for, and monitors investment securities permitted by the Liquidation Investment Policy.\n        However, the procedures do not reflect the change in the fund\xe2\x80\x99s designated depository, from the\n        FHLB-Chicago to FHLB-NY, that took place in July 2008.\n    \xe2\x80\xa2   Procedures for Corporate Investment Purchases, Corporate Security Sales, and Corporate\n        Cash Flow Modeling. Because these procedures were developed prior to deposit insurance\n        reform legislation, they define activities and describe computer files pertaining to the former BIF\n        and SAIF that DOF no longer uses in administering the DIF. In addition, the procedures do not\n        reflect DOF\xe2\x80\x99s practice of performing periodic validations of third-party-provided market pricing\n        used by PORTIA\xc2\xae.\nDOF officials advised us that the Corporate Investment Policy and Liquidation Investment Policy are\ntypically updated and approved by the Board on a 3-year cycle, or when the membership of the Board\nchanges. 6 Updates to DOF\xe2\x80\x99s detailed procedures and guidelines occur on a periodic basis. However, the\nintroduction of legislation pertaining to the DIF, together with the high visibility of the DIF to the public\nand the Congress, warrant more frequent reviews and updates of the Corporate Investment Program\npolicies, procedures, and guidelines. In the financial services industry, investment policies are typically\nreviewed at least annually. Once the Corporate Investment Policy and DOF\xe2\x80\x99s procedures and guidelines\nare updated, it would be prudent for DOF to conduct periodic independent internal assessments of the\neffectiveness of the program\xe2\x80\x99s controls, including assessing whether the program\xe2\x80\x99s policies, procedures,\nand guidelines are current, accurate, and complete. DOF officials told us that an internal assessment of\nthe Corporate Investment Program was last conducted in December 2006. Such reviews would promote\nsound governance and further the internal control and monitoring principles defined in Circular 4010.3.\n\nRecommendations\n\nWe recommend that the CFO:\n\n(1) Update the Corporate Investment Policy and DOF\xe2\x80\x99s detailed investment procedures and guidelines\n    and, where appropriate, obtain Board review and approval. As part of this effort, define the\n    frequency with which the Corporate Investment Program policies will be reviewed for possible\n    updates.\n\n\n\n\n5\n Funding liquidity risk refers to cash-flow estimations and individual positions.\n6\n For example, the current Corporate Investment Policy was approved by the Board in December 2006; the policy\nhad been previously reviewed and approved by the Board in November 2003. The Liquidation Investment Policy\nwas approved by the Board in October 2007; the policy had been previously reviewed and approved by the Board in\nNovember 2004 .\n\n\n                                                      I-8\n\x0cWe recommend that the Director, DOF:\n\n(2) Conduct periodic independent internal assessments of the Corporate Investment Program, including its\n    policies, procedures, and guidelines, to ensure such controls are operating as intended.\n\n\nCONTINGENCY RESPONSE PLANNING\n\nThe FDIC has taken a number of proactive steps to prepare for a potential liquidity contingency involving\nthe DIF in which the FDIC would need to borrow funds from outside sources to meet the fund\xe2\x80\x99s liquidity\nneeds. Such steps include executing a formal borrowing agreement with the Federal Financing Bank,\nrecommending to the Congress that the Corporation\xe2\x80\x99s statutory line of credit with the Treasury be\nincreased to ensure the continued viability of the fund, and developing a strategy for borrowing funds\nfrom outside sources (components of which are defined in the Large Bank Resolution Strategy and Action\nPlan and various other briefing materials).\n\nAlthough not mandated by statute or regulation, the FDIC can further enhance its contingency response\nplanning for the DIF by developing a comprehensive, written contingency funding plan that describes\nhow the Corporation will implement its strategy for borrowing from outside sources under the various\ncontingency scenarios that could occur. Such a plan would represent a proactive risk response planning\ncontrol for reducing operational risk, including risk associated with the unavailability of key individuals\nduring a contingency. A comprehensive contingency funding plan would also promote transparency and\ncommunication throughout the Corporation regarding potential funding contingencies associated with\ncurrent and emerging business programs. The contingency funding plan should be reviewed and\napproved by the Board which, by statute, has responsibility for managing the Corporation, and thus has\nthe ultimate responsibility for authorizing outside borrowing decisions on behalf of the Corporation.\n\nThe DIF is funded principally by deposit insurance assessments charged to insured financial institutions\nand interest earned on investments in U.S. Treasury obligations. To ensure the DIF maintains adequate\nliquidity, the CFO and DOF officials regularly monitor projected sources and uses of funds and purchase\nor sell investment securities as needed. In addition, the Board may, under certain circumstances and\nconsistent with its statutory authority, raise deposit insurance premiums and impose special assessments\non insured financial institutions when additional funds are needed to replenish the DIF. However,\ncircumstances can occur in which these funding sources would not be sufficient to meet the immediate\nliquidity needs of the DIF. To ensure the DIF remains liquid during such contingencies, the FDIC may\nuse its statutory authority to borrow funds from the Federal Financing Bank, Treasury, Federal Home\nLoan Banks, and insured depository institutions (collectively referred to herein as outside sources).\n\nWe spoke with the CFO and DOF officials regarding how the FDIC would obtain funds from outside\nsources in response to a liquidity contingency involving the DIF. These officials described a strategy\nwherein the FDIC would first borrow up to $100 billion (on an as-needed basis and subject to statutory\nlimitations) from the Federal Financing Bank pursuant to a Note Purchase Agreement (NPA), dated\nDecember 15, 2006 (as amended), between the FDIC and the Federal Financing Bank. The NPA defines\nthe terms and conditions in which the Federal Financing Bank will purchase notes from the FDIC and the\nFDIC will request and repay advances. The current NPA is set to expire on September 30, 2009. The\nBoard has authorized the CFO, with the concurrence of the General Counsel, to execute, renew, maintain,\nand make future minor modifications to the NPA and to execute and deliver future advance promissory\nnotes. The Board has also authorized the CFO, or designee, subject to the conditions of the NPA, to\n\n\n\n\n                                                    I-9\n\x0crequest and repay advances up to, but not exceeding, $100 billion. 7 Should the FDIC require funding in\nexcess of the NPA, the FDIC would then borrow from the Treasury. DOF officials informed us that\nalthough the FDIC has statutory authority to borrow from the Federal Home Loan Banks and insured\ndepository institutions, it is unlikely such borrowing sources would be used. 8\n\nTo its credit, the FDIC has developed the Large Bank Resolution Strategy and Action Plan, which\ndefines, among other things, activities for obtaining cash and other funding assistance to operate a\nreceivership and fund a bridge bank. While the Large Bank Resolution Strategy and Action Plan\naddresses key aspects of a contingency funding plan, it was developed prior to the current financial crisis\nand its focus is on one principal contingency\xe2\x80\x94a large institution failure. The FDIC can strengthen its\ncontingency response planning for the DIF by developing a comprehensive, written contingency funding\nplan that describes how the Corporation will implement its strategy for borrowing from outside sources\nunder multiple contingencies. FDIC Financial Institution Letter (FIL) 84-2008, Liquidity Risk\nManagement, dated August 26, 2008, recommends that FDIC-supervised institutions develop formal\ncontingency funding plans that address the various contingency scenarios that can occur and the factors\nthat might influence funding options. While we recognize that the FDIC\xe2\x80\x99s liquidity risk profile differs\nfrom the institutions it supervises, FIL 84-2008 identifies elements of a contingency funding plan that, if\ntailored to the unique business needs of the FDIC, would benefit the Corporation\xe2\x80\x99s liquidity response\nplanning efforts. The following points summarize key elements of a contingency funding plan as defined\nin FIL 84-2008 and how these elements could apply to the FDIC.\n\n    \xe2\x80\xa2    Roles and Responsibilities. Clearly defined responsibilities and lines of decision-making are\n         critical for ensuring that all personnel understand their role during a liquidity contingency. While\n         the FDIC has defined roles and responsibilities in its NPA, the Large Bank Resolution Strategy\n         and Action Plan, and various other briefing materials, integrating these roles and responsibilities\n         into a comprehensive, written plan would mitigate operational risk associated with the\n         unavailability of key individuals during a contingency. Additionally, such a plan would promote\n         awareness among division and office personnel who might become involved with a funding\n         contingency.\n\n    \xe2\x80\xa2    Potential Liquidity Contingencies. Clearly defined thresholds or measures for determining\n         when a potential liquidity contingency has occurred or is about to occur are important\n         components of successful contingency response planning. While the NPA prohibits the FDIC\n         from obtaining advances under certain circumstances, 9 recent FDIC program initiatives, such as\n         loss sharing agreements with financial institutions and the Temporary Liquidity Guarantee\n         Program (TLGP), have introduced new liquidity risk and potential contingency funding scenarios\n         for the DIF.\n\n7\n  In September 2008, the Board authorized the CFO to execute and deliver, or cause to be delivered, an amendment\nto the NPA, on such appropriate terms and conditions as are satisfactory to the CFO and the General Counsel, in\norder to increase the funding limit to an amount not to exceed $100 billion.\n8\n  According to section 14 of the FDI Act, the FDIC may borrow $30 billion from the Treasury, except to the extent\nof any borrowing from insured depository institutions. In any case, the total of FDIC\xe2\x80\x99s obligations is subject to the\nmaximum obligation limitation (MOL) set forth in section 15(c) of the FDI Act; see the Glossary for further\ninformation. In addition, the Emergency Economic Stabilization Act of 2008 permits the FDIC to obtain loans in\nconnection with the increase of the deposit insurance coverage affected by that Act; such loans are excluded from\nthe $30 billion limitation and the MOL.\n9\n  For example, advances are conditioned on: (1) the DIF holding $500 million or less in cash and investments in\nU.S. Treasury obligations at the time any advance is made and (2) that any advance will not cause the DIF to exceed\nthe statutory limitation on its maximum amount of outstanding obligations as defined in Section 15(c) of the FDI\nAct. These conditions are consistent with provisions of Section 14(b) of the FDI Act, which permits the Federal\nFinancing Bank to set terms and conditions for FDIC borrowings.\n\n\n                                                        I-10\n\x0c     \xe2\x80\xa2   Monitoring. Monitoring includes techniques for identifying potential liquidity contingencies and\n         reporting on actions taken in response to such contingencies (e.g., reporting to the Congress,\n         outside agencies, and the public on the FDIC\xe2\x80\x99s borrowing and repayment activities).\n\n     \xe2\x80\xa2   Potential Funding Restrictions. Planning for circumstances that could trigger restrictions on\n         contingent funding sources, such as the MOL, is a prudent business practice.\n\n     \xe2\x80\xa2   Adequacy of Contingent Funding Sources. It is a prudent business practice to identify\n         potential contingency funding sources, conditions and limitations on their use, and criteria for\n         determining which sources will be used to address various contingencies. For example, a\n         comprehensive contingency funding plan would reflect the FDIC\xe2\x80\x99s prior determination that\n         certain funding sources permitted by statute are not as cost-effective as others, or that certain\n         sources would not be viable under certain circumstances.\n\nMany of the above concepts are also referenced in the Basel Committee on Banking Supervision\xe2\x80\x99s\nSeptember 2008 publication Principles for Sound Liquidity Risk Management and Supervision. For\nexample, the Basel publication states that financial institutions should maintain formal contingency\nfunding plans that contain clearly defined strategies for addressing liquidity shortfalls in emergency\nsituations. The publication also states that contingency funding plans should outline policies for\nmanaging a range of contingencies, establish clear lines of responsibility, define clear invocation and\nescalation procedures, and be regularly updated to ensure that the plans remain operationally robust.\n\nThe FDIC has not needed to draw on outside funding sources since 1991. 10 However, the deteriorating\neconomic and industry conditions of the past year underscore the importance of proactive contingency\nresponse planning to cover unexpected developments in the financial services industry. A liquidity\ncontingency involving the DIF would likely attract significant public and congressional attention.\nAccordingly, it would be prudent for the FDIC to develop a comprehensive, written contingency funding\nplan that describes how the Corporation will implement its strategy for borrowing from outside sources\nunder the various contingency scenarios that could occur. Such a plan would represent an important\ncontrol for mitigating the risk associated with the unavailability of key individuals during an actual\nliquidity contingency and for promoting transparency and communication throughout the Corporation. In\naddition, a contingency funding plan could aid in assessing the impact of new corporate programs, such as\nthe TLGP and loss sharing agreements. The CFO and DOF officials should provide the contingency\nfunding plan to the FDIC\xe2\x80\x99s Board which, by statute, has responsibility for managing the Corporation, and\nthus has the ultimate responsibility for authorizing outside borrowing decisions on behalf of the\nCorporation.\n\nRecommendation\n\nWe recommend that the Director, DOF:\n\n(3) Strengthen the FDIC\xe2\x80\x99s contingency response planning for the DIF by developing a written\ncontingency funding plan that describes how the Corporation will implement its strategy for borrowing\nfrom outside agency sources for the various contingencies that may occur. The completed contingency\nfunding plan should be provided to the Board for review and approval.\n\n\n\n\n10\n  The former BIF borrowed funds from the Federal Financing Bank in 1991 for working capital, which the FDIC\nfully repaid with interest by 1993.\n\n\n                                                     I-11\n\x0cAUTHORIZATIONS TO PURCHASE AND SELL INVESTMENT SECURITIES\n\nDOF implemented a number of important controls over the purchase and sale of investment securities in\nthe DIF and NLF. Such controls include preparing trade tickets to document the rationale and details\npertaining to securities transactions, documenting trade confirmations, and performing regular\nreconciliations to help ensure securities transactions were properly recorded. However, DOF\xe2\x80\x99s\ninvestment procedures do not define a dual control over the authorization and execution of securities\ntransactions wherein the authorization is documented in advance of the transaction by an individual other\nthan the person responsible for executing the transaction. Management authorizations to purchase and\nsell investment securities are based on consensus discussions. While our work did not identify any\ninstances of inappropriate securities transactions, establishing a dual control over the authorization and\nexecution of securities transactions would promote appropriate separation of duties in the FDIC\xe2\x80\x99s\ninvestment activities and mitigate the risk of intentional or unintentional errors.\n\nThe purchase and sale of DIF and NLF investment securities is principally handled by FIU. Although the\nnumber of investment transactions that FIU processes per month varies, the size of the transactions during\nthe period October 1, 2007 through September 30, 2008 ranged from approximately $5 million to $1.4\nbillion. DOF employs similar processes for executing securities transactions for the DIF and NLF. To\nillustrate these processes, the following summarizes how an investment security is purchased or sold in\nthe DIF.\n\nAs a matter of practice, FIU\xe2\x80\x99s team leader or a senior financial analyst (collectively referred to herein as\nthe FIU) selects specific securities for purchase or sale after taking into consideration various factors,\nincluding, but not limited to:\n\n         \xe2\x80\xa2   constraints contained in the Corporate Investment Policy,\n         \xe2\x80\xa2   constraints contained in the quarterly investment strategy approved by the IAG,\n         \xe2\x80\xa2   current and expected macroeconomic conditions,\n         \xe2\x80\xa2   the relationship between the yield on Treasury securities for different maturities (also referred\n             to as Treasury yields), and\n         \xe2\x80\xa2   the FDIC\xe2\x80\x99s projected funding needs.\n\nAfter considering these factors, FIU, in consultation with the TMS manager, tentatively identifies specific\nsecurities and dollar amounts for purchase or sale and prepares a preliminary trade ticket. FIU forwards\nthe preliminary trade ticket to TOU, which enters the information into PORTIA\xc2\xae. After obtaining\ncurrent pricing information on the securities under consideration, FIU, in consultation with the TMS\nmanager, decides which securities will be purchased or sold. FIU then executes the securities purchase or\nsale using BPD\xe2\x80\x99s FedInvest Web site and prepares a final trade ticket to document the transaction. 11 FIU\nforwards the final trade ticket and a transaction confirmation generated by FedInvest to TOU to ensure the\ntransaction is properly recorded in PORTIA\xc2\xae. TOU also enters the transaction information into the\nFDIC\xe2\x80\x99s New Financial Environment (the FDIC\xe2\x80\x99s principal financial system) and performs daily and\nmonthly reconciliations to help ensure that the FDIC\xe2\x80\x99s accounting records are current, accurate, and\ncomplete and consistent with BPD\xe2\x80\x99s records.\n\nEstablishing a system of dual control wherein the authorization to execute a security transaction is\ndocumented in advance by an individual other than a person responsible for executing the transaction is a\n\n11\n  The final trade ticket includes such information as the security\xe2\x80\x99s type, par amount, coupon rate, maturity date, call\ndate (if applicable), Committee on Uniform Security Identification Procedures (CUSIP\xc2\xae) identifier, quoted price,\nand corresponding yield.\n\n\n                                                         I-12\n\x0crecognized control practice in the financial services industry. Such a control helps ensure appropriate\nseparation of duties in operations and mitigates the risk of errors. Trading policies for financial services\nfirms typically identify specific individuals or positions with the delegated authority to authorize and\nexecute securities transactions. Such delegations are generally based on the relative size and complexity\nof the transaction. For example, significant dollar-value transactions typically require a higher-level\nmanagement authorization than smaller dollar transactions. Such control practices are also consistent\nwith GAO\xe2\x80\x99s Standards for Internal Control in the Federal Government.\n\nRecommendation\n\nWe recommend that the Director, DOF:\n\n(4) Establish a system of dual control over the authorization and execution of securities transactions\n    wherein the authorization is documented in advance of the transaction by an individual other than the\n    person responsible for executing the transaction.\n\n\nVALIDATION OF COMPUTER-BASED FINANCIAL MODELS\n\nDOF relies extensively on PORTIA\xc2\xae and certain Microsoft Excel\xc2\xae-based spreadsheets to monitor and\nreport on the performance of investment securities in the DIF and to support the Corporation\xe2\x80\x99s strategic\nand tactical investment management decisions. Although DOF has taken steps to help ensure the integrity\nof these computer-based financial models, periodic independent validations had not been performed on\nthem to ensure they function as intended. Periodic independent validations of computer-based financial\nmodels is a recognized practice in the financial services industry for ensuring the reliability of the\ninformation that the models produce.\n\nPORTIA\xc2\xae is the principal computer-based financial model DOF uses to manage overnight funds and\ninvestment securities. PORTIA\xc2\xae uses built-in financial algorithms and securities pricing information\nfrom a third-party service provider 12 to calculate the maturity, yield, value, and modified duration of\ninvestment securities. DOF uses PORTIA\xc2\xae to generate reports on the performance of investment\nsecurities in the DIF and to support key strategic and day-to-day investment management decisions. DOF\nalso uses Excel\xc2\xae-based spreadsheets, some of which may be considered key, to support its investment\nmanagement activities and to brief senior FDIC management. For example, DOF uses an Excel\xc2\xae-based\nspreadsheet to generate the Projected Monthly Cash Flow for the DIF. The spreadsheet uses\nmathematical formulas to determine whether anticipated cash receipts and disbursements will result in a\ncash flow surplus or deficit for the DIF. Such information is used to manage the DIF\xe2\x80\x99s daily cash\npositions and support overnight and long-term investment management decisions.\n\nDOF has taken steps to help ensure the integrity of PORTIA\xc2\xae and the Excel\xc2\xae-based spreadsheets it uses\nto monitor and report on the performance of investment securities. For example, DOF maintains these\nmodels on an access-restricted network shared drive that is regularly backed up. Additionally, DOF\nreviews data contained in the models to help ensure the accuracy of the data processed. While such steps\nare positive, DOF has not established a procedure to have periodic independent validations performed of\nPORTIA\xc2\xae and its key Excel\xc2\xae-based spreadsheets to help ensure the models function as intended.\n\n12\n   Each business day, TOU uploads the CUSIP\xc2\xaes of investment securities in the DIF to the Web site of a third-party\nservice provider. The service provider updates the market prices for each security and notifies TOU, by e-mail,\nwhen the updates are complete. TOU then downloads the updated market prices from the service provider\xe2\x80\x99s Web\nsite and imports the data into PORTIA\xc2\xae.\n\n\n                                                       I-13\n\x0cThe Office of the Comptroller of Currency (OCC) has published guidance for the national banks it\nsupervises on the importance of conducting periodic independent validations of computer-based financial\nmodels (Bulletin 2000-16 regarding model validation). 13 According to the bulletin, periodic independent\nvalidation of computer-based financial models is a leading practice for mitigating the risk of relying on\nerroneous information. The bulletin identifies three generic procedures that apply to any model\nvalidation: (1) an independent review of the model\xe2\x80\x99s logical and conceptual soundness, (2) a comparison\nof the model against other models, and (3) a comparison of the model\xe2\x80\x99s predictions against subsequent\nreal-world events. Depending on the circumstances, any or all three of these generic procedures apply\nwhen validating a model\xe2\x80\x99s input (i.e., assumptions and data), processing (i.e., mathematical computations\nand formulas), and reporting components. The OCC Bulletin also describes a common misconception\nthat validations are not necessary for vendor models because the models have already \xe2\x80\x9cmet the market\ntest.\xe2\x80\x9d The bulletin states that validations of vendor models often identify material processing errors,\nillustrating that validation principles should be applied regardless of whether a model is purchased from a\nvendor or developed in house.\n\nA key concept contained in the OCC bulletin is that the depth and frequency of model validation\nprocedures should be consistent with the level of risk being managed and the complexity of the model\nbeing validated. With respect to the Excel\xc2\xae-based spreadsheets used by DOF, such models have\nrelatively simple code that can be inexpensively checked to ensure that mathematical computations and\ncode are correct. Although PORTIA\xc2\xae contains more complex mathematical algorithms, the integrity of\nthe model\xe2\x80\x99s computations, such as its modified duration computations, could be checked against an\nindependent source, such as the Bloomberg Professional 14 system, to help ensure computations are\nreliable. Because of its organizational independence, DOF\xe2\x80\x99s Administration and Internal Controls\nSection could conduct validations of PORTIA\xc2\xae and DOF\xe2\x80\x99s key Excel\xc2\xae-based spreadsheets as part of the\ninternal assessments recommended earlier in this report.\n\nRecommendation\n\nWe recommend that the Director, DOF:\n\n(5) Establish a procedure to perform periodic independent validations of PORTIA\xc2\xae and key Excel\xc2\xae-\nbased spreadsheets used in the Corporate Investment Program.\n\n\n\n\n13\n   In the winter 2005 publication of the FDIC\xe2\x80\x99s Supervisory Insights, OCC Bulletin 2000-16 is identified as the\nprimary source for formal regulatory guidance on financial model governance.\n14\n   Bloomberg Professional is a trademark and servicemark of Bloomberg Finance L.P., a Delaware limited\npartnership, or its subsidiaries.\n\n\n                                                        I-14\n\x0c                                                                                                      Appendix I\n                                   OBJECTIVE, SCOPE, AND METHODOLOGY\n\n\nObjective\n\n       The objective of this performance audit was to assess the FDIC\xe2\x80\x99s controls for ensuring that the DIF and\n       NLF are managed consistent with the FDIC\xe2\x80\x99s investment policies approved by the Board. We conducted\n       this performance audit from September 2008 through January 2009 in accordance with generally accepted\n       government auditing standards. Those standards require that we plan and perform the audit to obtain\n       sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on\n       our audit objective. We believe that the evidence obtained provides a reasonable basis for our findings\n       and conclusions based on our audit objective.\n\n\nScope and Methodology\n\n       To accomplish our objective, we:\n\n       \xe2\x80\xa2    Interviewed key FDIC officials with responsibility for managing and implementing the Corporate\n            Investment Program, including the CFO; Director, DOF; Deputy Director and Treasurer, DOF; Manager,\n            TMS; and TOU and FIU personnel. We also interviewed FDIC personnel in the Division of Insurance\n            and Research to gain an understanding of the manner in which information from the Financial Risk\n            Committee flows to FIU. In addition, we met with GAO officials working on the annual audit of the\n            FDIC\xe2\x80\x99s funds financial statements to obtain an understanding of the work they perform.\n       \xe2\x80\xa2    Reviewed relevant FDIC policies, procedures, guidelines, and plans, including, but not limited to the:\n                \xe2\x80\xa2   Corporate Investment Policy\n                \xe2\x80\xa2   Liquidation Investment Policy\n                \xe2\x80\xa2   TMS FIU procedures\n                \xe2\x80\xa2   Corporate Liquidity Guidelines\n                \xe2\x80\xa2   DOF TMS Management Control Plan\n                \xe2\x80\xa2   GAO\xe2\x80\x99s financial statement audit process summary memoranda on the Corporate Investment\n                    Process and Cash and Cash Equivalents\n                \xe2\x80\xa2   Treasury Operating Circular, Responsibilities Relating to Government Investment Accounts\n                    and Investment in Government Account Series (GAS) Treasury Securities\n\n       \xe2\x80\xa2    Examined relevant FDIC reports summarizing the FDIC\xe2\x80\x99s investment activities. Such reports included,\n            but were not limited to, quarterly CFO Reports to the Board and Monthly Investment Status Reports for\n            the DIF and NLF portfolios.\n       \xe2\x80\xa2    Observed the October 22, 2008 IAG meeting.\n       \xe2\x80\xa2    Identified and documented the FDIC\xe2\x80\x99s governance structure for managing the DIF and NLF.\n       \xe2\x80\xa2    Performed detailed analyses of the FDIC\xe2\x80\x99s investment processes, including policy reporting\n            requirements, investment trade execution, investment trade compliance, cash flow modeling, and cash\n            reconciliations.\n       Our work did not include an assessment of the sufficiency of deposit insurance assessments or other\n       funding sources to cover anticipated losses from insured depository institutions.\n\n\n\n\n                                                           I-15\n\x0cInternal Control\n\n       We assessed the Corporation\xe2\x80\x99s internal controls and practices pertaining to investment activities in the\n       DIF and NLF for consistency with relevant portions of the criteria listed below. These criteria, or\n       portions thereof, may not be legally binding on the FDIC. However, we considered them during the audit\n       because they define prudent business practices.\n\n           \xe2\x80\xa2   GAO\xe2\x80\x99s Standards for Internal Control in the Federal Government, dated November 1999\n           \xe2\x80\xa2   Treasury Operating Circular, entitled Responsibilities Relating to Government Investment\n               Accounts and Investment in Government Account Series (GAS) Treasury Securities, dated\n               October 1, 2008\n           \xe2\x80\xa2   The Board of Governors of the Federal Reserve System\xe2\x80\x99s Trading and Capital-Markets Activities\n               Manual, dated April 2003\n           \xe2\x80\xa2   Basel Committee on Banking Supervision\xe2\x80\x99s Principles for Sound Liquidity Risk Management and\n               Supervision, dated September 2008\n           \xe2\x80\xa2   FIL-84-2008, Liquidity Risk Management, dated August 26, 2008\n           \xe2\x80\xa2   OCC Bulletin 2000-16 regarding model validation, dated May 2000\n           \xe2\x80\xa2   Buy Side Risk Managers Forum and Capital Market Risk Advisors\xe2\x80\x99 Risk Principles for Asset\n               Managers, dated February 25, 2008\n           \xe2\x80\xa2   Federal Housing Finance Board Office of Supervision Advisory Bulletin (06-02), Model\n               Documentation and Validation, dated March 20, 2006\n           \xe2\x80\xa2   The Financial Services Roundtable, Guiding Principals in Risk Management For U.S.\n               Commercial Banks, dated June 1999\n           \xe2\x80\xa2   Institute of International Finance, Principles of Liquidity Risk Management, dated March 2007\n           \xe2\x80\xa2   Senior Supervisors Group, Observations on Risk Management Practices during the Recent\n               Market Turbulence, dated March 6, 2008\n           \xe2\x80\xa2   Committee of European Banking Supervisors\xe2\x80\x99 Second Part Of CEBS\xe2\x80\x99S Technical Advice to the\n               European Commission on Liquidity Risk Management, dated June 17, 2008\n\n\nReliance on Computer-processed Information\n\n\n       Our audit objective did not require that we separately assess the reliability of computer-processed data to\n       support our findings, conclusions, and recommendations. Additionally, in performing this performance\n       audit, we did not consider it necessary to evaluate the effectiveness of information system controls in\n       order to obtain sufficient, appropriate evidence.\n\n\nPerformance Measurement\n\n       The FDIC\xe2\x80\x99s 2008 Annual Performance Plan did not contain performance goals directly related to our\n       audit objective. However, DOF had developed a Balanced Scorecard containing performance\n       measurement information for both the DIF and NLF. Among other things, the Balanced Scorecard\n       measured the total return of the DIF investment portfolio against the Merrill Lynch 1-10 Year U.S.\n       Treasury Index and the total return of the NLF investment portfolio against the average yield of the\n       generic 3-month U.S. Treasury bill. We considered information contained in DOF\xe2\x80\x99s Balanced Scorecard\n       in planning and conducting our audit work.\n\n\n\n\n                                                           I-16\n\x0cCompliance with Laws and Regulations\n\n      We determined that the following statutory provisions were relevant to our audit objective.\n\n      The FDI Act:\n         \xe2\x80\xa2 Sections 11(a) and (d), Deposit Insurance, Powers and Duties of Corporation as Conservator or\n             Receiver\n         \xe2\x80\xa2 Section 13(a), Investment of Corporation\xe2\x80\x99s Funds\n         \xe2\x80\xa2 Section 14, Borrowing Authority\n         \xe2\x80\xa2 Section 15(c), Limitation on Borrowing\n\n      Emergency Economic Stabilization Act of 2008:\n         \xe2\x80\xa2 Section 136(a)(3), Borrowing Limits Temporary Lifted\n\n      We found no instances of noncompliance with these statutory provisions. In addition, we assessed the\n      risk of fraud and abuse related to the audit objective in the course of evaluating audit evidence.\n\n\nPrior Coverage\n\n      We considered the FDIC OIG\xe2\x80\x99s July 2005 report, entitled The FDIC\xe2\x80\x99s Investment Policies (Report\n      No. 05-025), in planning and conducting our work. The objective of this prior audit was to determine\n      whether the FDIC\xe2\x80\x99s investment strategy and portfolio management procedures provide the highest\n      possible investment returns for the FDIC, taking into consideration the applicable legal and regulatory\n      framework established for investments by the BIF, SAIF, and Federal Savings and Loan Insurance\n      Corporation Resolution Fund. The report contained five recommendations, all of which were resolved\n      and closed prior to the start of our work.\n\n\n\n\n                                                         I-17\n\x0c                                                                                                 Appendix II\n                                        GLOSSARY OF TERMS\n\n\nAvailable-for-Sale (AFS)\nDebt and equity securities not classified as either HTM securities or trading securities are classified as\nAFS securities and reported at fair value, with unrealized gains and losses excluded from earnings and\nreported in a separate component of shareholders\xe2\x80\x99 equity (see definition for Financial Accounting\nStandard 115 below). In the case of the DIF\xe2\x80\x99s financial statements, these gains and losses are shown as a\nseparate line item in arriving at comprehensive income. In addition, the DIF does not have any\ninvestment securities classified as trading securities.\n\nBureau of Public Debt (BPD)\nBPD is an agency within the Treasury that borrows funds needed to operate the federal government\nthrough the issuance of such securities as U.S. Savings Bonds, Treasury Bills, and Treasury Notes. The\nBPD pays interest on these borrowings and when the borrowings mature, BPD redeems the securities.\n\nCommittee on Uniform Security Identification Procedures (CUSIP\xc2\xae)\nCUSIP\xc2\xae typically refers to both the Committee on Uniform Security Identification Procedures and the 9-\ncharacter alphanumeric security identifiers that the committee distributes for all North American\nsecurities for the purposes of facilitating clearing and settlement of trades. The CUSIP\xc2\xae distribution\nsystem is owned by the American Bankers Association and is operated by Standard & Poor\xe2\x80\x99s. The\nCUSIP\xc2\xae Service Bureau acts as the National Numbering Association for North America, and the\nCUSIP\xc2\xae serves as the National Securities Identification Number for products issued from both the United\nStates and Canada.\n\nDesignated Reserve Ratio (DRR)\nUnder the Federal Deposit Insurance Reform Act of 2005, the FDIC must, by regulation, set the DRR for\nthe DIF within a range of 1.15 percent to 1.50 percent. The DRR is defined as the DIF\xe2\x80\x99s net worth to the\nvalue of the aggregate estimated deposits insured by the fund.\n\nDuration\nIn finance, the duration of a financial asset measures the sensitivity of the asset\xe2\x80\x99s price to interest rate\nmovements, expressed as a number of years. Duration is useful primarily as a measure of the sensitivity\nof a bond\xe2\x80\x99s market price to interest rate (i.e., yield) movements. It is approximately equal to the\npercentage change in price for a given change in yield. For example, for small interest rate changes, the\nduration is the approximate percentage by which the value of the bond will fall for a 1 percent per annum\nincrease in market interest rates. So a 15-year bond with a duration of 7 would fall approximately 7\npercent in value if interest rates increased by 1 percent per annum. In this respect, duration is the\nelasticity of a bond\xe2\x80\x99s price in relation to interest rates.\n\nFinancial Accounting Standard (FAS) 115\nFAS 115 addresses the accounting and reporting for investments in equity securities that have readily\ndeterminable fair values and for all investments in debt securities. Those investments are to be classified\nin three categories and accounted for as follows:\n\n    \xe2\x80\xa2   Debt securities that the enterprise has the positive intent and ability to hold to maturity are\n        classified as HTM securities and reported at amortized cost.\n\n\n\n\n                                                     I-18\n\x0c    \xe2\x80\xa2   Debt and equity securities that are bought and held principally for the purpose of selling them in\n        the near term are classified as trading securities and reported at fair value, with unrealized gains\n        and losses included in earnings.\n\n    \xe2\x80\xa2   Debt and equity securities not classified as either HTM securities or trading securities are\n        classified as AFS securities and reported at fair value, with unrealized gains and losses excluded\n        from earnings and reported in a separate component of shareholders\xe2\x80\x99 equity (see definition for\n        AFS above for additional clarification).\n\nFederal Financing Bank (FFB)\nThe FFB is a government corporation, created by the Congress in 1973, under the general supervision of\nthe Treasury Secretary. The FFB was established to (among other things) centralize and reduce the cost\nof federal borrowing, as well as federally-assisted borrowing from the public. The FFB has statutory\nauthority to purchase any obligation issued, sold, or guaranteed by a federal agency to ensure that fully\nguaranteed obligations are financed efficiently.\n\nGovernment Account Series (GAS) Program\nOn a daily basis, BPD offers special-issue, non-marketable Treasury securities that are direct obligations\nof the United States and are offered exclusively in book-entry form. Although the GAS program is not\navailable to the general public, securities can be purchased and sold through the program at current\nmarket prices. The Treasury Secretary has restricted federal agencies with investment authority,\nincluding the FDIC, to buying and selling such securities through the GAS program.\n\nHeld-to-Maturity (HTM)\nDebt securities that the holder has the positive intent and ability to hold to maturity. HTM securities are\nreported at amortized cost (see FAS 115).\n\nInterest Rate Risk\nInterest rate risk is the potential that changes in interest rates may adversely affect the value of a financial\ninstrument or portfolio or the condition of the institution as a whole. In general, the values of longer-term\ninstruments are more sensitive to interest rate changes than the values of shorter-term instruments.\nInterest rate risk is commonly measured by a bond\xe2\x80\x99s duration.\n\nLiquidity\nLiquidity is the ability to fund increases in assets and meet obligations when they come due.\n\nLiquidity Risk\nLiquidity risk is the risk that an organization will not be able to meet its obligations when they come due.\nRelevant liquidity risk concepts include:\n\n    \xe2\x80\xa2   Market Liquidity Risk, which refers to the inability of an organization to sell its assets at or near\n        market value.\n    \xe2\x80\xa2   Funding Liquidity Risk, which refers to cash flow estimation or mismatch risk for both assets and\n        liabilities.\n    \xe2\x80\xa2   Contingency Planning (including stress testing), which refers to how, in the absence of market\n        funding liquidity, an organization can continue to meet its obligations, particularly under periods\n        of stress.\n\n\n\n\n                                                     I-19\n\x0cLiquidity Risk Management\nLiquidity risk management involves the processes, controls, and infrastructure for mitigating liquidity\nrisk.\n\nMaximum Obligation Limitation\nThe MOL refers to the provisions of Section 15(c) of the FDI Act that limit the DIF\xe2\x80\x99s ability to incur\nobligations other than deposit insurance guarantees. The MOL is the sum of: (a) DIF\xe2\x80\x99s cash and\ninvestments in Treasury securities valued at market value; (b) DIF\xe2\x80\x99s other assets valued at 90 percent of\nestimated market value; and (c) the $30 billion line of credit with Treasury pursuant to Section 14(a) of\nthe FDI Act. \xe2\x80\x9cObligations\xe2\x80\x9d include guarantees issued by the FDIC, amounts borrowed under section 14\nof the FDI Act, and obligations for which the FDIC has a direct or contingent liability to pay.\n\nReserve Ratio\nThe reserve ratio is a numeric figure reflecting the DIF balance divided by the DIF\xe2\x80\x99s estimated insured\ndeposits. The reserve ratio is a key measure used by the FDIC in assessing the adequacy of the fund\xe2\x80\x99s\nbalance and in formulating deposit insurance assessment policy.\n\n\n\n\n                                                   I-20\n\x0c                                                                         Appendix III\n                         ACRONYMS USED IN THE REPORT\n\nAFS            Available-for-Sale\nBIF            Bank Insurance Fund\nBPD            Bureau of Public Debt\nCFO            Chief Financial Officer\nCUSIP\xc2\xae         Committee on Uniform Security Identification Procedures\nDIF            Deposit Insurance Fund\nDOF            Division of Finance\nFDI            Federal Deposit Insurance\nFFB            Federal Financing Bank\nFHLB-Chicago   Federal Home Loan Bank of Chicago\nFHLB-NY        Federal Home Loan Bank of New York\nFIL            Financial Institution Letter\nFIU            Funding and Investments Unit\nGAO            Government Accountability Office\nGAS            Government Account Series\nHTM            Held-to-Maturity\nIAG            Investment Advisory Group\nKPMG           KPMG LLP\nMOL            Maximum Obligation Limitation\nNLF            National Liquidation Fund\nNPA            Note Purchase Agreement\nOCC            Office of the Comptroller of the Currency\nOIG            Office of the Inspector General\nSAIF           Savings Association Insurance Fund\nTIPS           Treasury Inflation Protected Securities\nTLGP           Temporary Liquidity Guarantee Program\nTMS            Treasury Management Section\nTOU            Treasury Operations Unit\n\n\n\n\n                                           I-21\n\x0c                Part II\n\nCorporation Comments and OIG Evaluation\n\x0cCORPORATION COMMENTS AND OIG EVALUATION\n\n    On May 8, 2009, the CFO and Director, DOF, provided a written response to a draft of\n    this report. Management\xe2\x80\x99s response is presented in its entirety beginning on the next\n    page. Management generally concurred with KPMG\xe2\x80\x99s findings and recommendations.\n\n    In response to recommendation 1, the CFO plans to update the Corporate Investment\n    Policy (where appropriate) and present it to the Board for review and approval by\n    October 31, 2009. When updating the policy, the CFO will discuss with the Board its\n    preference with respect to the appropriate interval between investment policy updates and\n    incorporate the Board\xe2\x80\x99s preferences for making such updates into the policy. In addition,\n    the CFO plans to update DOF\xe2\x80\x99s detailed investment procedures and guidelines (where\n    appropriate) by December 31, 2009. The CFO will periodically bring these updated\n    procedures and guidelines, as appropriate, to the IAG for review and approval.\n\n    In response to recommendation 2, the Director, DOF, plans to conduct independent\n    internal reviews of the Corporate Investment Program every 18 months, or more\n    frequently if conditions warrant. DOF will conduct the first of these reviews in the\n    second half of 2009. In response to recommendation 3, the CFO and Director, DOF, will\n    strengthen the FDIC\xe2\x80\x99s contingency funding plans by incorporating appropriate language\n    regarding FDIC\xe2\x80\x99s contingency funding authorities and strategies into the Corporate\n    Investment Policy and present it to the Board for approval in the fourth quarter of 2009.\n\n    In response to recommendation 4, the Director, DOF, will amend existing procedures for\n    purchasing and selling Treasury securities to require an original approval signature of an\n    authorized DOF staff member on the trade ticket. In addition, the individual who\n    approves the purchase and sale of a security will not be the same individual who\n    subsequently executes the transaction. DOF plans to implement this new control for all\n    securities transactions occurring after June 30, 2009. In response to recommendation 5,\n    DOF will verify key computations within PORTIA\xc2\xae (such as its modified duration\n    computations) whenever the software is upgraded. Such verifications will be performed\n    as part of the periodic internal reviews described in DOF\xe2\x80\x99s response to recommendation\n    2. In addition, DOF will ensure that formulas contained in key Excel\xc2\xae-based\n    spreadsheets that DOF has developed for regular analysis and reporting on investments\n    are periodically verified as a part of the division\xe2\x80\x99s periodic internal reviews.\n\n    A summary of management\xe2\x80\x99s response to the recommendations is on page II-6. DOF\xe2\x80\x99s\n    planned actions are responsive to KPMG\xe2\x80\x99s recommendations. The recommendations are\n    resolved, but will remain open until we determine that the agreed-to corrective actions\n    have been completed and are responsive.\n\n\n\n\n                                               II-1\n\x0cCORPORATION COMMENTS\n\n\n\n\n        II-2\n\x0cII-3\n\x0cII-4\n\x0cII-5\n\x0c                       MANAGEMENT RESPONSES TO RECOMMENDATIONS\n\n       This table presents management\xe2\x80\x99s responses to the recommendations in KPMG\xe2\x80\x99s report\n       and the status of the recommendations as of the date of report issuance.\n\n\nRec.       Corrective Action: Taken or Planned                Expected              Monetary Resolved:a Open or\nNo.                                                        Completion Date          Benefits Yes or No Closedb\n 1         The CFO will update the Corporate              December 31, 2009           $0     Yes        Open\n           Investment Policy, as appropriate, and\n           present it to the Board for approval in\n           late 2009. In addition, DOF will\n           periodically update procedures and\n           guidelines for investing the Corporate\n           and liquidation investment portfolios to\n           reflect current practices and\n           terminology and present them, as\n           appropriate, to the IAG for review and\n           approval.\n 2         DOF plans to conduct internal reviews          December 31, 2009              $0       Yes            Open\n           every 18 months, or more frequently if\n           conditions warrant, and will conduct the\n           first of these reviews in the second half\n           of 2009.\n 3         DOF will incorporate appropriate               October 31, 2009               $0       Yes            Open\n           language regarding the FDIC\xe2\x80\x99s\n           contingency funding authorities and\n           strategies into the Corporate Investment\n           Policy.\n 4         DOF will amend existing procedures for         June 30, 2009                  $0       Yes            Open\n           securities transactions by requiring an\n           original approval signature of an\n           authorized DOF staff member on trade\n           tickets and subsequent transaction\n           execution by a different DOF staff\n           member.\n 5         DOF will ensure that verifications are         December 31, 2009              $0       Yes            Open\n           performed, as appropriate, of PORTIA\xc2\xae\n           and key Excel\xc2\xae-based spreadsheets as\n           part of DOF\xe2\x80\x99s periodic internal reviews\n           described under Recommendation 2.\n\n       a\n           Resolved \xe2\x80\x93 (1) Management concurs with the recommendation, and the planned, ongoing, and completed\n                          corrective action is consistent with the recommendation.\n                      (2) Management does not concur with the recommendation, but alternative action meets the\n                          intent of the recommendation.\n                      (3) Management agrees to the OIG monetary benefits, or a different amount, or no ($0) amount.\n                          Monetary benefits are considered resolved as long as management provides an amount.\n       b\n         Once the OIG determines that the agreed-upon corrective actions have been completed and are responsive to\n       the recommendations, the recommendations can be closed.\n\n\n\n\n                                                            II-6\n\x0c'